Cloud Security Overview
Security is critical for any organisation. PaySpace’s cloud security offering goes far beyond what most companies have been able to achieve for themselves. Using the latest firewall protection, SSL encryption, and proprietary security products, PaySpace gives you the peace of mind that only a world-class security infrastructure can provide.
Security is a multidimensional business imperative that demands to be considered at every level, from security for applications right through to the physical facilities and network security.
Here is an overview of how we handle security at various levels.
Protection at the Application Level
PaySpace protects your data by ensuring that only authorized users can access it.
- PaySpace is powered by a single-instance, multi-tenant architecture in which all users and applications share a single, common infrastructure (i.e. database and code base) that is logically and uniquely separated for each customer. Authorisation and security policies ensure that each customer’s data is kept separate from that of other customers through the use of a TenantID field, which associates each record across multiple tables with an individual tenant.
- PaySpace provides each user in an organisation with a unique email address and password that must be entered each time the user logs on. This user record is associated with a TenantID.
- All access to PaySpace is governed by strict password security policies, and all passwords are stored in encrypted format within the encrypted database, providing a double layer of security.
- Users are required to select a strong password
- User accounts are locked after more than 5 unsuccessful login attempts
- PaySpace also offers the ability to integrate directly with an organisation’s Active Directory (AD) to enable easy user authentication. This ensures that password-related policies, such as password aging and password complexity, are dictated by the business’s IT department.
- 128-bit SSL encryption is present on every form within the system – this means your information is encrypted during transmission.
- Selected organisational administrators can define security roles and attach users to these roles. Roles can be defined to restrict or allow users access to a specific area within the system.
- Administrators can give users access to view specific employees, who are in turn attached to organisational units defined on a company level. This further restricts users to accessing employee details only across specific units.
- All employee self-service users are only able to view their own profiles
- Reports that are emailed to users are sent in a password-protected zip file
- An audit trail exists on every screen for traceability purposes
- PaySpace uses safe bank EFT transfer technology to receive information and to interact with the banks for all necessary financial account validations
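The TenantID separation described in the list above, shown as an added illustration. This is not PaySpace's code: the table layout, the TenantSession class, its method names and the sample rows are constructed for the example; only the TenantID field and the user-to-tenant association come from the text. Every data-access call is bound to the TenantID of the logged-in user record, so a record id belonging to another tenant returns nothing.

```python
import sqlite3

def build_db():
    """Constructed sample data: two tenants sharing the same tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (email TEXT PRIMARY KEY, TenantID INTEGER NOT NULL);
        CREATE TABLE employees (
            id INTEGER PRIMARY KEY, TenantID INTEGER NOT NULL,
            name TEXT NOT NULL, salary INTEGER NOT NULL);
        INSERT INTO users VALUES ('hr@alpha.example', 1), ('hr@beta.example', 2);
        INSERT INTO employees VALUES
            (1, 1, 'Alice', 50000), (2, 1, 'Anil', 42000), (3, 2, 'Bongi', 61000);
    """)
    return db

class TenantSession:
    """Hypothetical data-access layer bound to the user's TenantID."""
    def __init__(self, db, email):
        row = db.execute(
            "SELECT TenantID FROM users WHERE email = ?", (email,)).fetchone()
        if row is None:
            raise PermissionError("unknown user")
        self._db, self._tenant = db, row[0]

    def list_employees(self):
        cur = self._db.execute(
            "SELECT id, name FROM employees WHERE TenantID = ? ORDER BY id",
            (self._tenant,))
        return cur.fetchall()

    def get_employee(self, employee_id):
        # Filtering on id alone would let a guessed id cross the tenant boundary.
        return self._db.execute(
            "SELECT id, name, salary FROM employees WHERE id = ? AND TenantID = ?",
            (employee_id, self._tenant)).fetchone()

    def set_salary(self, employee_id, salary):
        cur = self._db.execute(
            "UPDATE employees SET salary = ? WHERE id = ? AND TenantID = ?",
            (salary, employee_id, self._tenant))
        return cur.rowcount  # 0 means the row does not belong to this tenant

if __name__ == "__main__":
    alpha = TenantSession(build_db(), "hr@alpha.example")
    print(alpha.list_employees())   # tenant 1 rows only
    print(alpha.get_employee(3))    # tenant 2 record: not visible
    print(alpha.set_salary(3, 1))   # cross-tenant write touches no rows
```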
Protection at the Facilities Level
PaySpace utilises one of the most modern data centres in Africa. The security in the data centre consists of visible and invisible physical measures and other facilities to guarantee an uninterrupted service.
- PaySpace is backed up every 15 minutes to an offsite backup server. A full backup is also conducted every evening.
- No public access – Public access to the hosting facilities is strictly forbidden
- Video surveillance – Live video surveillance of the entire data centre is operational 24 hours a day. All entrances to the data centres are monitored to ensure that only authorised personnel gain access.
- Access cards – A data-centre access proximity card system represents the second layer of security for entering the data centre. Access to the data centre itself is restricted to Certified Technical Points of Contact.
- Biometric security – Biometric security systems are the third layer of security for entering the data centre. Biometric hand scanners are used to restrict access to the data centre and only Certified Technical Points of Contact have use of the biometric hand scanner system to enter the data centre.
In addition, the following safety and redundancy measures are in place to ensure continuity and stability at the data centre:
- Redundancy – All critical systems in the hosting centre are redundant. (N+N redundancy indicates having a complete replica of the system in place, as backup should the primary system fail.)
- Environmental monitoring – The data centres have N+N redundant heating, ventilation, and air conditioning systems to ensure that, even in the event of a system failure, the hosting environment will not be affected. The data centre also has an advanced fire-suppression system in place to contain fire.
- UPS (uninterrupted power supply) systems – The power systems are designed to run uninterrupted even in the event of a total power outage. All production systems in your hosting environment are fed with conditioned UPS power that will run whenever utility power fails. The UPS power subsystem is N+N redundant, with instantaneous fail-over to generators to ensure continuity.
- Diesel generator systems – Onsite diesel generators automatically start up in the event of a power surge or interruption in the power supply.
Protection at the Network Level
PaySpace uses proven security practices to ensure network security.
- PaySpace utilises a perimeter firewall that protects the network from malicious or unwanted behaviour from traffic entering our network, as well as keeping our network safe from zero-day attacks, DoS (denial of service) and DDoS (distributed denial of service) attacks, spoofing attacks and malicious code.
- Our Intrusion Prevention System (IPS) is a network security service that monitors network and/or system activities for malicious or unwanted behaviour and can react, in real time, to block or prevent those activities.
Vulnerability Scanning Process
Our comprehensive vulnerability scanning process helps protect our networks by identifying and reporting network security vulnerabilities that can be exploited by cybercriminals.